New ACO parameter in r12.8x

book

Article ID: 198885

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

We upgraded the PolicyServer from r12.51x to r12.8x.
It has new ACO parameter, but following three parameters are not documented in r12.8 tecdoc.

・ConformToRFC6265
・ValidErrorPageDomain
・PreserveUniversalId

Environment

Release : 12.8

 

Resolution

They are explained on following tecdoc and kb.

  • ConformToRFC6265

New ACO Parameter ConformToRFC6265
From 12.52 SP1 CR09, you can use the ConformToRFC6265 ACO parameter to specify whether a leading dot must be appended to a domain name when the value of CookieDomain is empty.


https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-01/release-notes/new-features/web-agent-new-features.html#concept.dita_48b28dfcee69aa8132137da000342ef37ef3ed5e_NewACOParameterConformToRFC6265
Multiple SmSession Cookies are being generated for Federation Partnership setup
https://knowledge.broadcom.com/external/article?articleId=95861

 

  • ValidErrorPageDomain

Open redirect issue smerrorpage
https://knowledge.broadcom.com/external/article?articleId=98423

 

  • PreserveUniversalId

New ACO Parameter preserveuniversalID
From 12.52 SP1 CR08, you can configure the preserveuniversalid ACO parameter to set Universal ID to non-protected resources too when a valid SMSESSION cookie is available.


https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-01/release-notes/new-features/policy-server-new-features.html#concept.dita_e0bde2269285bc75a5394859011cc4f6ab538d60_NewACOParameterpreserveuniversalID